It’s certainly not good news that Target knew there were hackers in its system well before they said they did. The company’s security system FireEye detected malware and alerted personnel on Nov. 30 — before the hackers started removing credit card data from Target’s servers, according to a report from Bloomberg Businessweek.
The FireEye security system has a function that automatically deletes the malware it detects, but Target’s security team had turned it off. On Dec. 2, the system started hemorrhaging payment card data.
Frustrating, isn’t it?
But as disappointed as you may be in Target’s failure to act, you shouldn’t be surprised.
“They had a system, but no one’s really sure if they had a plan,” said Adam Levin, co-founder and chairman of Credit.com and IDentity Theft 911. “The key thing when you have situations like this is to know exactly what to do and move very quickly.”
Target employs more than 300 information security team members, and the company spent $1.6 million on the malware detection program from FireEye, according to Bloomberg. But when it came time to act on the information generated by the security program, things seemingly fell apart. IDentity Theft 911 works with business on this very problem — taking action — and Levin says many businesses aren’t taking a holistic approach to cybersecurity.
With identity theft, consumers and businesses need to aggressively monitor for suspicious activity, and there has to be a damage control program in place for when the red flags start flying. Businesses (and you) have to commit resources to doing so. (You can monitor your credit for free using the free Credit Report Card, a tool that updates two of your credit scores every months. Any unexpected change in your scores could signal identity theft, and you should check your free annual credit reports to confirm.)
Levin compared the Target situation to the ride of Paul Revere — if no one listened to him.
“This is a cyber war. We’re in it but the question is how are we going to fight it,” Levin said. “You can’t fight it if you have someone riding through town saying ‘They’re coming! They’re coming!’ and everyone is sitting in their houses saying, ‘Well, let’s see how many come first.’”
There are currently more than 90 lawsuits filed against Target in relation to the end-of-year data breach that compromised millions of credit cards.
Target Chairman, President and CEO Gregg Steinhafel issued an emailed statement to Bloomberg: “While we are still in the midst of an ongoing investigation, we have already taken significant steps, including beginning the overhaul of our information security structure and the acceleration of our transition to chip-enabled cards. However, as the investigation is not complete, we don’t believe it’s constructive to engage in speculation without the benefit of the final analysis.”
More on Identity Theft:
- Identity Theft: What You Need to Know
- How Do I Dispute an Error on My Credit Report?
- 3 Dumb Things You Can Do With Email
- The Risks You Face From Identity Theft
- How Can You Tell If Your Identity Has Been Stolen?
- What Should I Do If I’m a Victim of Identity Theft?
- How Credit Impacts Your Day-to-Day Life